PT-2025-41290 · Sourcecodester · Student Grades Management System
Sidzeroday · Published 2025-10-08 · Updated 2025-10-09
CVE-2025-11485
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Student Grades Management System version 1.0
Description
A security issue exists in SourceCodester Student Grades Management System. The add user function within the /admin.php file, specifically in the Manage Users Page component, is susceptible to cross-site scripting due to manipulation of the first name and last name arguments. This issue can be exploited remotely. The details of the issue have been publicly disclosed.
Recommendations
Apply any available updates to address the vulnerability in the add user function of the /admin.php file.
As a temporary workaround, consider restricting or sanitizing input to the first name and last name parameters of the add user function.
Exploit
Fix
XSS
Code Injection
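One way to apply the temporary workaround from the Recommendations, shown as an added example rather than code from the advisory or from the application: the name fields are restricted on input and encoded again on output. The helper names `validate_name` and `h` are hypothetical, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's real function and field names
// are not shown in the advisory.

/**
 * Restrict a name field: trim it, cap its length, and allow only letters,
 * combining marks, spaces, periods, apostrophes and hyphens.
 * Returns null when the value is rejected.
 */
function validate_name(string $raw, int $maxLen = 50): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > $maxLen) {
        return null;
    }
    // \p{L} = any letter, \p{M} = combining mark. The /u flag treats the
    // input as UTF-8, so invalid byte sequences do not match either.
    if (preg_match("/^[\\p{L}\\p{M}][\\p{L}\\p{M} .'\\-]*$/u", $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a value for an HTML text or quoted-attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed samples standing in for submitted first name / last name values.
$samples = ["Maria", "O'Brien", "Anne-Marie", "<b>Ann</b>", str_repeat("a", 51)];

foreach ($samples as $raw) {
    $clean = validate_name($raw);
    if ($clean === null) {
        // Rejected values are never stored, and are encoded even in the error output.
        echo "rejected: " . h($raw) . PHP_EOL;
        continue;
    }
    // Accepted values are still encoded when rendered in the user list: the
    // allowlist permits an apostrophe, which ENT_QUOTES emits as an entity.
    echo "<td>" . h($clean) . "</td>" . PHP_EOL;
}
```

Validation alone is not sufficient because legitimate names contain characters such as the apostrophe, so the encoding step has to be applied wherever stored names are written into the page.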
Affected Products
Student Grades Management System